George Tsoukas, ANZ Manager, Gigamon, tells us how HR and IT teams must work together to make sure remote working is as safe as possible.
The face of business has changed dramatically in recent times, with new figures from Roy Morgan research showing that over 4.3 million people (32% of all Australian employees) are now working from home (WFH).
Some companies are considering scaling down physical offices in favor of a long-term remote working model. Employers are striving to balance team productivity, security and employee engagement. If WFH is the new norm, it’s impossible to ignore the challenging nature of the situation.
Remote working affects performance not only for technical, practical reasons. The emotional impact is perhaps equally significant. Business leaders may think the technology that allows us to do our jobs and the initiatives that enable us to feel supported at work aren’t related, but they’d be sorely mistaken.
This is why IT and HR teams need to partner to empower employees to do their best work from home and to help their organizations safely and securely weather the storm over the coming year.
Shared responsibility
Traditionally, IT Security teams have been considered the sole owners of the cybersecurity element of a business. It was their responsibility to implement the right technologies to protect the organization and that was that.
But in the current situation, the cybersecurity landscape is becoming increasingly complex with new and exacerbated threats: The surge in home working has caused a spike usage of vulnerable services, such as virtual private networks (VPNs), incrementing the likelihood of attacks to individuals and organizations.
Cybercriminals have been found to lure in people working from home with the pretext of sharing useful information on the pandemic and compromising their networks as a result.
These attacks can not only disrupt business activities but also cause employees a great deal of distress. With so many people accessing corporate networks from personal devices, their own data is also now at risk.
While threat protection technology can help to safeguard organizations, users must also be trained to recognize potential threats in emails such as unsolicited attachments or links and be provided with clear guidelines on how to handle such events.
As part of the new landscape, companies should consider adopting a Zero Trust approach, assuming everything is suspect and eliminating implicit trust associated with the locality of user access.
This model is founded on network visibility and requires insight into all assets (applications, devices, users) and their interactions. This enables IT pros to create and enforce an authentication and access control policy: If these are tied to assets and not network segments, the same set of policies can be applied regardless of where a user is accessing data and applications from.
The thing about Zero Trust is that it’s not a product, it’s a mindset. While it’s IT’s job to get the technical elements right, people’s behavior, their awareness of security threats and their respect for policies, can have a huge impact. That’s why IT and HR teams must be in sync, with HR taking the lead in communicating the importance of a Zero Trust approach to the entire workforce.
After all, the expression Zero Trust has implied negativity, with employees feeling that excessive controls can hinder their productivity or, worse, are designed to monitor their every step.
It’s HR’s responsibility to help IT teams drive education around cybersecurity risks and how a ZT model is crucial to mitigating them. It’s also useful, as part of internal comms, to share tips on how to stay alert and, for example, detect social engineering attacks. This education, alongside solid network visibility, is the first step to protecting the organization against cybercrime.
HR can add real value
A dispersed workforce creates a series of business performance obstacles, the first of which is information. In a time of extreme uncertainty, companies should look at forming a cross-functional task force to centralize useful information, from sharing WFH tips and best practices to fixing minor IT issues before they escalate. With misinformation spreading like wildfire in times of crisis, it’s important to give employees a single source of truth.
Being able to easily share resources, communicate ideas and feel like part of the team is key to maintaining productivity. Encouraging video conferences, rather than audio calls, can help to enhance the sense of collaboration.
Businesses should also enable seamless communications with instant messaging tools, like Slack, allowing employees to pose questions to their teammates and receive answers more quickly, as they would have done face to face. Preserving positive office dynamics is critical, so HR and IT must team up to make this possible with the right technology.
While striving for an efficient business-as-usual approach, companies shouldn’t neglect to take care of their employees as people. IT and HR should work together to create initiatives that are aimed at helping staff cope with the difficulties they are facing right now.
For example, with many employees forced to be isolated from some of their loved ones, offering them the use of corporate web conference accounts for personal communications can help to keep the morale high. Small but significant gestures can make a world of difference in keeping teams happy, engaged and motivated.
When we think of the implementation of new technologies or processes that allow companies to evolve and adapt, we think of IT teams: driving innovation and making change possible.
Yet it’s important to understand that change can take place only with the buy-in of workers in the business environment. In order to get the people on board, HR staff must cascade down the instructions and decisions that come from the company’s digital leadership.